Jan Engelhardt wrote:
> On Jan 21 2008 02:14, Pablo Neira Ayuso wrote:
>> BTW, it would be great if we add support for layer 4 protocol state
>> matching, e.g. match TCP established. We can use this together with the
>> target that would mark certain events as volatile, e.g.
>>
>> iptables -A 192.168.0.0/24 -m conntrack ! --tcp-state ESTABLISHED -j VOLATILE
>
> And what's xt_VOLATILE do? (Was it hidden in your recent
> xt_CONNTRACK submission?)

Indeed. Just set the IPCT_VOLATILE flag to tell ctnetlink to skip that
event. It would be a very simple target. I don't know if VOLATILE would
be a nice name, perhaps CTNETLINK.

--
"Honest people are social misfits" -- Les Luthiers